Skip to main content
GET
/
auth
/
signin
/
microsoft
/
{code}
Sign in with Microsoft (OAuth code)
curl --request GET \
  --url http://localhost:2000/auth/signin/microsoft/{code}
{
  "token": "<string>",
  "user": {
    "_id": "<string>",
    "emails": "user@example.com",
    "role": "user"
  },
  "profilePicture": "<string>"
}

Documentation Index

Fetch the complete documentation index at: https://compass.docs.sunnyscoach.com/llms.txt

Use this file to discover all available pages before exploring further.

Exchange Microsoft OAuth authorization code for user profile and issue a session token. If the user does not exist, a new user is created.

Request

Path Parameters

ParameterTypeRequiredDescription
codestringYesAuthorization code returned by Microsoft’s OAuth flow

Response

200 OK - Successful sign-in

Returns user, token and profile picture. 
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "_id": "64b7f1a2e4b0a5d3f9c12345",
    "emails": "user@example.com",
    "role": "user"
  },
  "profilePicture": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQ..."
}

400 Bad Request

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid authorization code"
  }
}

500 Internal Server Error

{
  "error": {
    "code": "SERVER_ERROR",
    "message": "Internal server error"
  }
}

Example

curl -X GET 'http://localhost:2000/auth/signin/microsoft/M.R3_BAY.4a8b9c...'

Notes

  • The authorization code must be obtained from Microsoft’s OAuth 2.0 flow
  • If the user doesn’t exist in the system, a new user account will be created
  • The returned token should be stored securely and used for subsequent authenticated requests
  • The profile picture may be returned as base64 data or a URL depending on implementation
  • Token expiration time is typically 24 hours

OAuth Flow

  1. Redirect user to Microsoft’s OAuth consent screen
  2. User authorizes the application
  3. Microsoft redirects back with authorization code
  4. Exchange the code for access token and user profile using this endpoint

Path Parameters

code
string
required

Authorization code returned by Microsoft's OAuth flow

Response

Successful sign-in, returns user, token and profile picture

token
string
user
object
profilePicture
string

Profile picture payload (may be base64 or URL depending on implementation)